A problem Integrating OpenAm, JBoss and J2EE Agent

This topic has 1 reply, 2 voices, and was last updated 5 years, 10 months ago by Peter Major.

  • Author
    Posts
  • #2261
     cchebert
    Participant

    Hi,

    I’m trying to use OpenAm with a J2EE Agent running on JBoss. My application is just a simple war with a single html file (hello world).

    Without the login-config section in my web.xml file I simply hit a 403 error when I access my application, no redirection to OpenAm.

    So I figured that I need a login-config section in web.xml file to specify the realm even if I did put it in my jboss-web.xml (“<security-domain>java:/jaas/AMRealm</security-domain>”).

    Why do I need a login-config section in my web.xml ? My problem is that the redirection to my login page happen before the agent filter is redirecting me to OpenAM. In the “goto” parameter I see the url of my login page, which doesn’t really exists since I want to use the OpenAM login page (for now).

    By the way, I would prefer to let OpenAm do the authentication part but to keep the authorization part on the jboss side (using the SSO_ONLY mode for the agent).

    Any help would be much appreciated !

    #2401
     Peter Major
    Moderator

    Hi,

    not sure why jboss-web.xml changes are necessary, can’t really tell for sure – theoretically setting login-config>realm-name should be just as sufficient in my opinion. In any case, what you should do is:
    1) configure the agent, so that it protects your application in J2EE_POLICY (this is when no OpenAM policies are enforced, but the agent will still deal with authentication for you)
    2) once you’ve set up your form-login-config, make sure the corresponding login and error pages are configured in the agent profile as well (under the Applications tab), that should allow the agent to recognize those URLs and handle them appropriately.
    3) make sure that the agent filter is defined in your web.xml and it is the first filter, otherwise other filters may provide unprotected output from the application.

    cheers,
    Peter

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

©2020 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?